The original post, which started all this discussion was about your MX SMTP servers and not about your client submission servers - those are good and anyone can check themselves easily:
Quote:
openssl s_client -connect smtp.fastmail.com:587 -starttls smtp -ssl3
|
This command should fail to connect. More tests can be done at
https://pentest-tools.com/network-vu...er-online-nmap
But let's go back to MX SMTP servers - the is no doubt that all servers support unencrypted connection, however I state that IF connection is encrypted, it should not:
- Allow fall back to unencrypted
- Support the same encryption level as client SMTP sevrer
That's what FastMail competitors do.
And that marketing blurb was not relevant to the issue.
I would understand if
ChinaLamb would respond with clear explanation that SSLv3 with weak ciphers is only for server-to-server transport and is set up that way to maximize compatibility.
But no,
ChinaLamb ended up saying that poster's fault in not understanding "marketing speech":
Quote:
If you want to understand about security, you need to understand that post. It is the entire reason this service is different than others.
|
Very unprofessional, if you ask me.
And yes, FastMail is different - providing less secure SMTP transport options than others - in order to be more compatible... But why? To get more spam? Because those broken MX SMTP servers out there are more prone to be hacked and start sending spam...